Adam McDougall
2007-Nov-21 03:20 UTC
[Dovecot] Users w/o acl access appear to be subscribed to public folders (1.1b8)
I noticed this today, I had a user outside of our department test out dovecot. They were using squirrelmail and I noticed that dovecot thinks this user is subscribed to ALL public folders even though a dovecot ACL prevents all access. I'm pretty sure access is still denied. I was able to reproduce this with a guest account I added:

    l lsub "" "#shared/decs/%"
    * LSUB (\Noselect) "/" "#shared/decs/linuxadmin"
    * LSUB (\Noselect) "/" "#shared/decs/jbossadmin"
    * LSUB () "/" "#shared/decs/support"
    * LSUB () "/" "#shared/decs/receipts"
    * LSUB (\Noselect) "/" "#shared/decs/pcadmin"
    * LSUB () "/" "#shared/decs/network"
    * LSUB (\Noselect) "/" "#shared/decs/printmaster"
    * LSUB () "/" "#shared/decs/postmaster"
    * LSUB (\Noselect) "/" "#shared/decs/unixadmin"
    * LSUB () "/" "#shared/decs/security"
    * LSUB (\Noselect) "/" "#shared/decs/webmaster"
    l OK Lsub completed.

This only seems to happen when the acl plugin is enabled. Without the acl plugin, these are not listed as subscriptions. After deleting /egr/mail/shared/decs/dovecot-acl-list and re-enabling the acl plugin, I get this:

    l lsub "" "#shared/decs/%"
    * LSUB () "/" "#shared/decs/unixadmin"
    * LSUB () "/" "#shared/decs/support"
    * LSUB () "/" "#shared/decs/security"
    * LSUB () "/" "#shared/decs/printmaster"
    * LSUB () "/" "#shared/decs/postmaster"
    * LSUB () "/" "#shared/decs/pcadmin"
    * LSUB () "/" "#shared/decs/network"
    * LSUB () "/" "#shared/decs/linuxadmin"
    * LSUB () "/" "#shared/decs/webmaster"
    * LSUB () "/" "#shared/decs/jbossadmin"
    l OK Lsub completed.

Is it related, or is it different just because a new dovecot-acl-list got created by another user already (but is mode 700?)
Adam McDougall
2007-Nov-26 04:41 UTC
[Dovecot] Users w/o acl access appear to be subscribed to public folders (1.1b8)
On Tue, Nov 20, 2007 at 10:20:49PM -0500, Adam McDougall wrote:
> I noticed this today, I had a user outside of our department test out
> dovecot. They were using squirrelmail and I noticed that dovecot thinks
> this user is subscribed to ALL public folders even though a dovecot
> ACL prevents all access. I'm pretty sure access is still denied.
> I was able to reproduce this with a guest account I added:
>
> l lsub "" "#shared/decs/%"
> * LSUB (\Noselect) "/" "#shared/decs/linuxadmin"
> * LSUB (\Noselect) "/" "#shared/decs/jbossadmin"
> * LSUB () "/" "#shared/decs/support"
> * LSUB () "/" "#shared/decs/receipts"
> * LSUB (\Noselect) "/" "#shared/decs/pcadmin"
> * LSUB () "/" "#shared/decs/network"
> * LSUB (\Noselect) "/" "#shared/decs/printmaster"
> * LSUB () "/" "#shared/decs/postmaster"
> * LSUB (\Noselect) "/" "#shared/decs/unixadmin"
> * LSUB () "/" "#shared/decs/security"
> * LSUB (\Noselect) "/" "#shared/decs/webmaster"
> l OK Lsub completed.
>
> This only seems to happen when the acl plugin is enabled. Without the
> acl plugin, these are not listed as subscriptions. After deleting
> /egr/mail/shared/decs/dovecot-acl-list and re-enabling the acl plugin,
> I get this:
>
> l lsub "" "#shared/decs/%"
> * LSUB () "/" "#shared/decs/unixadmin"
> * LSUB () "/" "#shared/decs/support"
> * LSUB () "/" "#shared/decs/security"
> * LSUB () "/" "#shared/decs/printmaster"
> * LSUB () "/" "#shared/decs/postmaster"
> * LSUB () "/" "#shared/decs/pcadmin"
> * LSUB () "/" "#shared/decs/network"
> * LSUB () "/" "#shared/decs/linuxadmin"
> * LSUB () "/" "#shared/decs/webmaster"
> * LSUB () "/" "#shared/decs/jbossadmin"
> l OK Lsub completed.
>
> Is it related, or is it different just because a new dovecot-acl-list
> got created by another user already (but is mode 700?)

I found a workaround, if I add "authenticated l" to the top level acl in each namespace (currently only have one enabled) then users aren't force-subscribed to every public folder.
It does however grant them the ability to subscribe to my empty top level fake folder which they have no permissions for anyway. This doesn't seem to reduce the level of access by any valid users.
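
An added example, not part of the original posts and not Dovecot code: a Python check that parses LSUB/LIST output and reports folder names listed to an account that lacks the lookup ("l") right, run over a shortened copy of the guest-account session from the first post. The names parse_listing and leaked_mailboxes and the empty allowed set are assumptions made for illustration.

```python
import re

# Untagged listing response: * LSUB (flags) "delim"|NIL mailbox
_RESP = re.compile(
    r'^\* (?:LSUB|LIST) \((?P<flags>[^)]*)\) '
    r'(?:"(?:\\.|[^"\\])"|NIL) '
    r'(?:"(?P<quoted>(?:\\.|[^"\\])*)"|(?P<atom>\S+))$'
)

def parse_listing(lines):
    """Return [(mailbox, flags)] for each untagged LSUB/LIST line.

    IMAP literals ({n} syntax) are not handled; the names in this
    thread are all sent as quoted strings.
    """
    out = []
    for line in lines:
        m = _RESP.match(line.strip())
        if not m:
            continue  # command echo, tagged OK/NO, other untagged data
        if m.group("quoted") is not None:
            name = re.sub(r'\\(.)', r'\1', m.group("quoted"))  # undo \" and \\
        else:
            name = m.group("atom")
        flags = frozenset(f.lower() for f in m.group("flags").split())
        out.append((name, flags))
    return out

def leaked_mailboxes(lines, lookup_allowed):
    """Names the server listed although the account lacks the 'l' right."""
    return sorted(n for n, _ in parse_listing(lines) if n not in lookup_allowed)

# Shortened copy of the guest-account session from the first post.
GUEST_SESSION = r'''
l lsub "" "#shared/decs/%"
* LSUB (\Noselect) "/" "#shared/decs/linuxadmin"
* LSUB () "/" "#shared/decs/support"
* LSUB () "/" "#shared/decs/security"
l OK Lsub completed.
'''.splitlines()

# Assumption: the guest account holds no rights on any folder in the namespace.
GUEST_ALLOWED = set()

if __name__ == "__main__":
    for name in leaked_mailboxes(GUEST_SESSION, GUEST_ALLOWED):
        print("listed without lookup right:", name)
```

Capture the session as the test account before and after applying the workaround or upgrading; an empty result means no folder names are disclosed to that account.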
Timo Sirainen
2008-May-04 20:48 UTC
[Dovecot] Users w/o acl access appear to be subscribed to public folders (1.1b8)
On Tue, 2007-11-20 at 22:20 -0500, Adam McDougall wrote:
> I noticed this today, I had a user outside of our department test out
> dovecot. They were using squirrelmail and I noticed that dovecot thinks
> this user is subscribed to ALL public folders even though a dovecot
> ACL prevents all access. I'm pretty sure access is still denied.

Fixed finally in hg. There were several bugs related to listing mailboxes.
Adam McDougall
2008-May-05 04:41 UTC
[Dovecot] Users w/o acl access appear to be subscribed to public folders (1.1b8)
Timo Sirainen wrote:
> On Tue, 2007-11-20 at 22:20 -0500, Adam McDougall wrote:
>
>> I noticed this today, I had a user outside of our department test out
>> dovecot. They were using squirrelmail and I noticed that dovecot thinks
>> this user is subscribed to ALL public folders even though a dovecot
>> ACL prevents all access. I'm pretty sure access is still denied.
>
> Fixed finally in hg. There were several bugs related to listing
> mailboxes.

Great! I will test this tomorrow. I loaded rc5 on my two test servers and I will review it for any existing issues as you asked in the rc5 announcement. Thanks.